Known Vulnerabilities for products from Cakefoundation
Listed below are 6 of the newest known vulnerabilities associated with the vendor "Cakefoundation".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-35239 json | A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override... | 8.8 - HIGH | 2021-01-26 | 2021-02-02 |
| CVE-2020-15400 json | CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. | 4.3 - MEDIUM | 2020-06-30 | 2021-07-21 |
| CVE-2019-11458 json | An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigg... | 7.5 - HIGH | 2019-05-08 | 2020-08-24 |
| CVE-2012-4399 json | The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML da... | Not Provided | 2012-10-09 | 2026-04-29 |
| CVE-2010-4335 json | The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote ... | Not Provided | 2011-01-14 | 2026-04-29 |
| CVE-2006-4067 json | Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to injec... | 4.3 - MEDIUM | 2006-08-10 | 2017-07-20 |
Known software with vulnerabilities from Cakefoundation
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cakefoundation | Cakephp | 1.0.1.2708 |